'\" t
.TH "NETWORKD\&.CONF" "5" "" "systemd 257.1" "networkd.conf"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
networkd.conf, networkd.conf.d \- Global Network configuration files
.SH "SYNOPSIS"
.PP
.RS 4
/etc/systemd/networkd\&.conf
.RE
.RS 4
/run/systemd/networkd\&.conf
.RE
.RS 4
/usr/local/lib/systemd/networkd\&.conf
.RE
.RS 4
/usr/lib/systemd/networkd\&.conf
.RE
.RS 4
/etc/systemd/networkd\&.conf\&.d/*\&.conf
.RE
.RS 4
/run/systemd/networkd\&.conf\&.d/*\&.conf
.RE
.RS 4
/usr/local/lib/systemd/networkd\&.conf\&.d/*\&.conf
.RE
.RS 4
/usr/lib/systemd/networkd\&.conf\&.d/*\&.conf
.RE
.SH "DESCRIPTION"
.PP
These configuration files control global network parameters\&.
.SH "CONFIGURATION DIRECTORIES AND PRECEDENCE"
.PP
The default configuration is set during compilation, so configuration is only needed when it is necessary to deviate from those defaults\&. The main configuration file is loaded from one of the listed directories in order of priority, only the first file found is used:
/etc/systemd/,
/run/systemd/,
/usr/local/lib/systemd/
\&\s-2\u[1]\d\s+2,
/usr/lib/systemd/\&. The vendor version of the file contains commented out entries showing the defaults as a guide to the administrator\&. Local overrides can also be created by creating drop\-ins, as described below\&. The main configuration file can also be edited for this purpose (or a copy in
/etc/
if it\*(Aqs shipped under
/usr/), however using drop\-ins for local configuration is recommended over modifications to the main configuration file\&.
.PP
In addition to the main configuration file, drop\-in configuration snippets are read from
/usr/lib/systemd/*\&.conf\&.d/,
/usr/local/lib/systemd/*\&.conf\&.d/, and
/etc/systemd/*\&.conf\&.d/\&. Those drop\-ins have higher precedence and override the main configuration file\&. Files in the
*\&.conf\&.d/
configuration subdirectories are sorted by their filename in lexicographic order, regardless of in which of the subdirectories they reside\&. When multiple files specify the same option, for options which accept just a single value, the entry in the file sorted last takes precedence, and for options which accept a list of values, entries are collected as they occur in the sorted files\&.
.PP
When packages need to customize the configuration, they can install drop\-ins under
/usr/\&. Files in
/etc/
are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. Drop\-ins have to be used to override package drop\-ins, since the main configuration file has lower precedence\&. It is recommended to prefix all filenames in those subdirectories with a two\-digit number and a dash, to simplify the ordering\&. This also defines a concept of drop\-in priorities to allow OS vendors to ship drop\-ins within a specific range lower than the range used by users\&. This should lower the risk of package drop\-ins overriding accidentally drop\-ins defined by users\&. It is recommended to use the range 10\-40 for drop\-ins in
/usr/
and the range 60\-90 for drop\-ins in
/etc/
and
/run/, to make sure that local and transient drop\-ins take priority over drop\-ins shipped by the OS vendor\&.
.PP
To disable a configuration file supplied by the vendor, the recommended way is to place a symlink to
/dev/null
in the configuration directory in
/etc/, with the same filename as the vendor configuration file\&.
.SH "[NETWORK] SECTION OPTIONS"
.PP
The following options are available in the [Network] section:
.PP
\fISpeedMeter=\fR
.RS 4
Takes a boolean\&. If set to yes, then
\fBsystemd\-networkd\fR
measures the traffic of each interface, and
\fBnetworkctl status \fR\fB\fIINTERFACE\fR\fR
shows the measured speed\&. Defaults to no\&.
.sp
Added in version 244\&.
.RE
.PP
\fISpeedMeterIntervalSec=\fR
.RS 4
Specifies the time interval to calculate the traffic speed of each interface\&. If
\fISpeedMeter=no\fR, the value is ignored\&. Defaults to 10sec\&.
.sp
Added in version 244\&.
.RE
.PP
\fIManageForeignRoutingPolicyRules=\fR
.RS 4
A boolean\&. When true,
\fBsystemd\-networkd\fR
will remove rules that are not configured in \&.network files (except for rules with protocol
"kernel")\&. When false, it will not remove any foreign rules, keeping them even if they are not configured in a \&.network file\&. Defaults to yes\&.
.sp
Added in version 249\&.
.RE
.PP
\fIManageForeignRoutes=\fR
.RS 4
A boolean\&. When true,
\fBsystemd\-networkd\fR
will remove routes that are not configured in \&.network files (except for routes with protocol
"kernel",
"dhcp"
when
\fIKeepConfiguration=\fR
is true or
"dhcp", and
"static"
when
\fIKeepConfiguration=\fR
is true or
"static")\&. When false, it will not remove any foreign routes, keeping them even if they are not configured in a \&.network file\&. Defaults to yes\&.
.sp
Added in version 246\&.
.RE
.PP
\fIManageForeignNextHops=\fR
.RS 4
A boolean\&. When true,
\fBsystemd\-networkd\fR
will remove nexthops that are not configured in \&.network files (except for routes with protocol
"kernel")\&. When false, it will not remove any foreign nexthops, keeping them even if they are not configured in a \&.network file\&. Defaults to yes\&.
.sp
Added in version 256\&.
.RE
.PP
\fIRouteTable=\fR
.RS 4
Defines the route table name\&. Takes a whitespace\-separated list of the pairs of route table name and number\&. The route table name and number in each pair are separated with a colon, i\&.e\&.,
"\fIname\fR:\fInumber\fR"\&. The route table name must not be
"default",
"main", or
"local", as these route table names are predefined with route table number 253, 254, and 255, respectively\&. The route table number must be an integer in the range 1\&...4294967295, except for predefined numbers 253, 254, and 255\&. This setting can be specified multiple times\&. If an empty string is specified, then the list specified earlier are cleared\&. Defaults to unset\&.
.sp
Added in version 248\&.
.RE
.PP
\fIIPv4Forwarding=\fR
.RS 4
Configures IPv4 packet forwarding for the system\&. Takes a boolean value\&. This controls the
net\&.ipv4\&.conf\&.default\&.forwarding
and
net\&.ipv4\&.conf\&.all\&.forwardingsysctl options\&. See
\m[blue]\fBIP Sysctl\fR\m[]\&\s-2\u[2]\d\s+2
for more details about the sysctl options\&. Defaults to unset and the sysctl options will not be changed\&.
.sp
If an interface is configured with a \&.network file that enables
\fIIPMasquerade=\fR
for IPv4 (that is,
"ipv4"
or
"both"), this setting is implied unless explicitly specified\&. See
\fIIPMasquerade=\fR
in
\fBsystemd.network\fR(5)
for more details\&.
.sp
Added in version 256\&.
.RE
.PP
\fIIPv6Forwarding=\fR
.RS 4
Configures IPv6 packet forwarding for the system\&. Takes a boolean value\&. This controls the
net\&.ipv6\&.conf\&.default\&.forwarding
and
net\&.ipv6\&.conf\&.all\&.forwarding
sysctl options\&. See
\m[blue]\fBIP Sysctl\fR\m[]\&\s-2\u[2]\d\s+2
for more details about the sysctl options\&. Defaults to unset and the sysctl options will not be changed\&.
.sp
If an interface is configured with a \&.network file that enables
\fIIPMasquerade=\fR
for IPv6 (that is,
"ipv6"
or
"both"), this setting is implied unless explicitly specified\&. See
\fIIPMasquerade=\fR
in
\fBsystemd.network\fR(5)
for more details\&.
.sp
Added in version 256\&.
.RE
.PP
\fIIPv6PrivacyExtensions=\fR
.RS 4
Specifies the default value for per\-network
\fIIPv6PrivacyExtensions=\fR\&. Takes a boolean or the special values
"prefer\-public"
and
"kernel"\&. See for details in
\fBsystemd.network\fR(5)\&. Defaults to
"no"\&.
.sp
Added in version 254\&.
.RE
.PP
\fIUseDomains=\fR
.RS 4
Specifies the network\- and protocol\-independent default value for the same settings in [IPv6AcceptRA], [DHCPv4], and [DHCPv6] sections below\&. Takes a boolean, or the special value
\fBroute\fR\&. See the same setting in
\fBsystemd.network\fR(5)\&. Defaults to
"no"\&.
.sp
Added in version 256\&.
.RE
.SH "[IPV6ACCEPTRA] SECTION OPTIONS"
.PP
This section configures the default setting of the Neighbor Discovery\&. The following options are available in the [IPv6AcceptRA] section:
.PP
\fIUseDomains=\fR
.RS 4
Specifies the network\-independent default value for the same setting in the [IPv6AcceptRA] section in
\fBsystemd.network\fR(5)\&. Takes a boolean, or the special value
\fBroute\fR\&. When unspecified, the value specified in the [Network] section in
\fBnetworkd.conf\fR(5), which defaults to
"no", will be used\&.
.sp
Added in version 256\&.
.RE
.SH "[IPV6ADDRESSLABEL] SECTION OPTIONS"
.PP
An [IPv6AddressLabel] section accepts the following keys\&. Specify multiple [IPv6AddressLabel] sections to configure multiple address labels\&. IPv6 address labels are used for address selection\&. See
\m[blue]\fBRFC 3484\fR\m[]\&\s-2\u[3]\d\s+2\&. Precedence is managed by userspace, and only the label itself is stored in the kernel\&.
.PP
\fILabel=\fR
.RS 4
The label for the prefix, an unsigned integer in the range 0\&...4294967294\&. 0xffffffff is reserved\&. This setting is mandatory\&.
.sp
Added in version 257\&.
.RE
.PP
\fIPrefix=\fR
.RS 4
IPv6 prefix is an address with a prefix length, separated by a slash
"/"
character\&. This setting is mandatory\&.
.sp
Added in version 257\&.
.RE
.SH "[DHCPV4] SECTION OPTIONS"
.PP
This section configures the DHCP Unique Identifier (DUID) value used by DHCP protocol\&. DHCPv4 client protocol sends IAID and DUID to the DHCP server when acquiring a dynamic IPv4 address if
\fBClientIdentifier=duid\fR\&. IAID and DUID allows a DHCP server to uniquely identify the machine and the interface requesting a DHCP IP address\&. To configure IAID and ClientIdentifier, see
\fBsystemd.network\fR(5)\&.
.PP
The following options are understood:
.PP
\fIDUIDType=\fR
.RS 4
Specifies how the DUID should be generated\&. See
\m[blue]\fBRFC 3315\fR\m[]\&\s-2\u[4]\d\s+2
for a description of all the options\&.
.sp
This takes an integer in the range 0\&...65535, or one of the following string values:
.PP
\fBvendor\fR
.RS 4
If
"DUIDType=vendor", then the DUID value will be generated using
"43793"
as the vendor identifier (systemd) and hashed contents of
\fBmachine-id\fR(5)\&. This is the default if
\fIDUIDType=\fR
is not specified\&.
.sp
Added in version 230\&.
.RE
.PP
\fBuuid\fR
.RS 4
If
"DUIDType=uuid", and
\fIDUIDRawData=\fR
is not set, then the product UUID is used as a DUID value\&. If a system does not have valid product UUID, then an application\-specific
\fBmachine-id\fR(5)
is used as a DUID value\&. About the application\-specific machine ID, see
\fBsd_id128_get_machine_app_specific\fR(3)\&.
.sp
Added in version 230\&.
.RE
.PP
\fBlink\-layer\-time[:\fR\fB\fITIME\fR\fR\fB]\fR, \fBlink\-layer\fR
.RS 4
If
"link\-layer\-time"
or
"link\-layer"
is specified, then the MAC address of the interface is used as a DUID value\&. The value
"link\-layer\-time"
can take additional time value after a colon, e\&.g\&.
"link\-layer\-time:2018\-01\-23 12:34:56 UTC"\&. The default time value is
"2000\-01\-01 00:00:00 UTC"\&.
.sp
Added in version 240\&.
.RE
.sp
In all cases,
\fIDUIDRawData=\fR
can be used to override the actual DUID value that is used\&.
.sp
Added in version 230\&.
.RE
.PP
\fIDUIDRawData=\fR
.RS 4
Specifies the DHCP DUID value as a single newline\-terminated, hexadecimal string, with each byte separated by
":"\&. The DUID that is sent is composed of the DUID type specified by
\fIDUIDType=\fR
and the value configured here\&.
.sp
The DUID value specified here overrides the DUID that
\fBsystemd-networkd.service\fR(8)
generates from the machine ID\&. To configure DUID per\-network, see
\fBsystemd.network\fR(5)\&. The configured DHCP DUID should conform to the specification in
\m[blue]\fBRFC 3315\fR\m[]\&\s-2\u[5]\d\s+2,
\m[blue]\fBRFC 6355\fR\m[]\&\s-2\u[6]\d\s+2\&. To configure IAID, see
\fBsystemd.network\fR(5)\&.
.PP
\fBExample\ \&1.\ \&A DUIDType=vendor with a custom value\fR
.sp
.if n \{\
.RS 4
.\}
.nf
DUIDType=vendor
DUIDRawData=00:00:ab:11:f9:2a:c2:77:29:f9:5c:00
.fi
.if n \{\
.RE
.\}
.sp
This specifies a 14 byte DUID, with the type DUID\-EN ("00:02"), enterprise number 43793 ("00:00:ab:11"), and identifier value
"f9:2a:c2:77:29:f9:5c:00"\&.

Added in version 230\&.
.RE
.PP
\fIUseDomains=\fR
.RS 4
Same as the one in the [IPv6AcceptRA] section, but applied for DHCPv4 protocol\&.
.sp
Added in version 256\&.
.RE
.SH "[DHCPV6] SECTION OPTIONS"
.PP
This section configures the DHCP Unique Identifier (DUID) value used by DHCPv6 protocol\&. DHCPv6 client protocol sends the DHCP Unique Identifier and the interface Identity Association Identifier (IAID) to a DHCPv6 server when acquiring a dynamic IPv6 address\&. IAID and DUID allows a DHCPv6 server to uniquely identify the machine and the interface requesting a DHCP IP address\&. To configure IAID, see
\fBsystemd.network\fR(5)\&.
.PP
The following options are understood:
.PP
\fIDUIDType=\fR, \fIDUIDRawData=\fR
.RS 4
As in the [DHCPv4] section\&.
.sp
Added in version 249\&.
.RE
.PP
\fIUseDomains=\fR
.RS 4
As in the [DHCPv4] section\&.
.sp
Added in version 256\&.
.RE
.SH "[DHCPSERVER] SECTION OPTIONS"
.PP
This section configures the default setting of the DHCP server\&. The following options are available in the [DHCPServer] section:
.PP
\fIUseDomains=\fR
.RS 4
Same as the one in the [IPv6AcceptRA] section, but applied for DHCPv4 protocol\&.
.sp
Added in version 256\&.
.RE
.SH "SEE ALSO"
.PP
\fBsystemd\fR(1), \fBsystemd.network\fR(5), \fBsystemd-networkd.service\fR(8), \fBmachine-id\fR(5), \fBsd_id128_get_machine_app_specific\fR(3)
.SH "NOTES"
.IP " 1." 4
💣💥🧨💥💥💣 Please note that those configuration files must be available at all times. If
/usr/local/
is a separate partition, it may not be available during early boot, and must not be used for configuration.
.IP " 2." 4
IP Sysctl
.RS 4
\%https://docs.kernel.org/networking/ip-sysctl.html
.RE
.IP " 3." 4
RFC 3484
.RS 4
\%https://tools.ietf.org/html/rfc3484
.RE
.IP " 4." 4
RFC 3315
.RS 4
\%https://tools.ietf.org/html/rfc3315#section-9
.RE
.IP " 5." 4
RFC 3315
.RS 4
\%http://tools.ietf.org/html/rfc3315#section-9
.RE
.IP " 6." 4
RFC 6355
.RS 4
\%http://tools.ietf.org/html/rfc6355
.RE
